tv Key Capitol Hill Hearings CSPAN January 7, 2014 12:30am-2:31am EST
preparation against these kinds of threats? >> think the spectrum you are referring to is the -- there are a number of approaches like that. you know it's funny that you use banks and major corporation because i think that helps us understand the issue a little bit. probably the leaders in both developing defenses and working together to understand how their risks are interconnected as the financial year. why? because the financial sector faces very real loss, threats from criminals. why do you go after banks? that is where the money is. so the financial year has learned to work together develop their defenses and also understand it from a risk perspective. they don't have to stop every single attack. they have some models to understand the relationship between how much to invest in what they get out. most companies in the broader economy don't have that.
now they don't have that for a number of reasons. one, we don't have a good way of understanding what our losses and what are risks are. often when we talk about the theft of competitive data we usually think about the special sauce. when coca-cola was hit in 2010 so it was literature be due to the group associated with the chinese government. did the bad guys go after the secret formula for coca-cola? no, no one really cares about that. but we do know is that less than 10 days after the attack happened the chinese government rejected coca-cola's bid to buy the largest soft drink bottle or in china. now this was a kid that everyone on wall street thought would go through so we have to think about what is at risk from a very broad perspective. the challenge is actually understanding what is at risk and how to defend ourselves and
that is a really big job. because the dan balz having a holistic view of what is at stake in an organization. that has to come from the board top down and it also has to come from thinking about the risks we face in a way that the managers and the ward will say listen we have real immediate losses that we can tie to failure to act now and that may come from the market and it may have to come from a more interventionist government approach. >> what the main lessons of the look is that as opposed to how this is often framed and talked about, this cybersecurity, this problem area whether you're talking about at the national level all the way down to you as an individual it's not about the software. it's not about the hardware. it's about the wet where ware, it's about the people. it's about the incentives that drive them, the organizations that they are in, the level of awareness.
it's all about the people at the end of the day and in turn in your question used a really important word which was resilience. one of the things we very much pushes the idea of their resilience model rather than this discourse that sometimes is out there someone that has the secret sauce solution for all your problems or i can hack back and solve all the problems bordanelle, all we need to do is build up a line defense. no, it's about resilience and the idea is resilience whether you are pulling from the resilience of your body or when it comes to psychology. it's the idea that bad things are going to happen. it's how you bounce back from them. your body doesn't have an exterior layer of defense and that's it it's over. your body is setup to do
everything from isolate that to triage and figure out what's important and what's not. the psychology site, the resilience. you can't go through life thinking enough bad things are going to happen. a resilient mentality and a resilient relationship is something that can deal with the bad things in recovering again to go back to what we are talking about the fore part of the problem of how and why we have talked about the cybersecurity issues is joke, we turn the volume up to 11 spinal tap style. i have all the solutions for you in the power grid scenario. i guarantee you someone is going to lose power in the washington d.c. area within the next 48 hours but if we put the word fiber in front of it we would suddenly have congressional panels going who is to blame? what's wrong? >> and a lot more willing to fix the problem. >> resilience is the model i
would prefer us to have. brazilians with your talking about innovation down to you as an individual and how do you protect your cherished memories and files, you have to think about that for yourself? >> thanks a lot gentlemen. i'm an attorney and focus on humanitarian law. my question is we talk about the problems and i think the nsa is a pretty easy whipping boy. there are problems with corporations not taking their own initiative but in the opportunities for leadership in the opportunities for government policy in the absence of legislation president obama signing the executive order in cyber's security and i'm wondering what the three of you actually think are here about its prospects are actually helping enhance the resilience and security posture of the u.s.
nation on a global security and u.s. national interest. does that executive order move us closer and move us in the direction we need to go in the absence of legislation? >> so, the court, the core of the executive order is to develop a voluntary framework to implement existing standards for more security. so the supply to all the critical infrastructure which is legally defined but we usually think of it as the basic essentials like water and things like that. the challenge of this frame, we can think of the government as being good at some things like hitting people with a stick to get them to do things and bad at other things like developing technical standards. one way to look at the executive
orders to say we sort of flipped out. the government is collecting the technical standards but there's no enforcement tool so that is why a lot of are skeptical. i think there is some reason to be optimistic for a number of reasons. one this succeeds in getting the right people in the right room to pay attention. representatives from the major industries have set up and watching what's going on. they're trying to dig out how do we get out of this? the notion here is that this is the last up to 90 that industry has to fix the problem themselves and so if we think of the executive order as do it now and i have got the stick of regulation behind my back. in fact that's part of the executive order to identify areas where the system working so that's one. another approach is we do need to have a rising tide lifts all boats awaiting to find the tools to get various players to work together and are fights a platform and an organizational
venue for different parts of complex supply chains to get together and talk about how their risks are interdependent. so that sounds fluffy or even worse it sounds boring but that is really where we want to be. cybersecurity shouldn't be this new thing. cybersecurity should be the boring work of lawyers talking to other lawyers, economists talking to other economists, technologist talking to each other and having everyone talk to each other. lots of conversation so that everyone is on the same page and hopefully we keep turning that page and it gets a little bit better. >> just a quick book sales note, don't know he won't cybersecurity is warring. sort of another -- let's go to another. jim. >> jim handsome from acxiom. historically information security is focused on the perimeter. you build bigger walls around
the data. make sure that nobody can sneak in and hack your data. bradley manning -- between him and snowed and we obviously didn't make a whole lot of progress. the major breaches and leaks that we have had no one backed up-and-up to the data center and took off with the servers. people were stealing data. have you seen any of the dances or a move dionne permit or security to look at what they are stealing in the data itself and its focus. >> i will jump in on this one and you can do it as well. you hit it exact rewrite. this mentality that this imaginal line thinking or the walls of jericho. walls never work. frankly to go back to this issue in the past question of infrastructure. sometimes they'll say i don't need a wall. i will have an air gap. i'd like an air gaps balloons
that the nuns would try to put between teenagers at catholic school dances. they just don't work in and. the iranians thought they had a wonderful air gap defending, keeping bad malware out of their research. it worked for them. and so instead we have to change the resilience model but also following basic measures in terms of not only trying to keep bad out but monitoring what's happening on your own networks including by your own people. and whether it's the manning episode or snowden, those organizations as sophisticated and is well-funded as they were, u.s. military and nsa, they were not following basic rules and procedures that cupcake store should have. the same when it comes to the power of very asics cyber hygiene. the most important penetration
of the u.s. military network by an outsider happen because a soldier found aim memory stick in a parking lot and thought it was a good idea to plug it into their computer. that's not just cyberheisey -- cyber hygiene, that's basic hygiene. it carries across -- look, we are laughing but it's the same story of the major tech knowledge accompany. the guy picked up a cd that he found in the men's room. would you pick up anything found in the men's room, a piece of food or column or whatever? to all of us who work in the policy world could conference conferences where you are giving these memory sticks out as favors. what it is as basic hygiene and it goes back to the notion of the past question of the standards. the top 20 controls, one study found that they would stop 94%
of all attacks. 94%. whoa what about the other 6% by someone sophisticated beinecke t.? i hates its value but all of you are not in targeted. second is even if you are, as a sophisticated operation, even if you are go talk to i.t. folks and say if i didn't have to spend 94% of my time running down the low-level stuff i could focus on the advanced stuff and finally guess what, the van stuff often gets spent from these low-level things. my favorite recent story of this was diplomats at the ge 20 conference who got spearfish so to speak. they received e-mails that lead them to on an event that they thought they were dominating photos of the french first lady instead they were downloading spyware. with no one on the story so we
could solve these basic levels we could do a lot better and get to some of the more sophisticated technological responses. >> does anyone else have a question about picking something up in the backroom? >> i'm using these impart also we have to stop talking just in cold war frameworks which is the main way this is talked about in this town or just like a wmd who has been said from everything by national security risers. if we are going to be using metaphors and comparisons, the period of the cold war is not the only one to draw from and in fact if we are drawing from the cold war, to me we are in the trade of the early stages of the cold war where we didn't understand the technology but we also took characters seriously. >> not exactly that hygiene.
i'm a student at sites across the street. if you zoom back a little bit and think of the world, i mean people talk a lot about the u.s.-russia china but very few people talk about the tear down which i think countries like israel and the e.u. and then there's another tear down which is latin america and maybe central asia. i come from turkey where a recent government report said information was protected by passwords like 123 and very weak systems. what do you think is the place of those countries in cybersecurity in the future? >> so there are a number of different issues. so for example the number one generator of malicious traffic
on the internet right now is indonesia. so how did indonesia get to this set of discussion? we have seen this. this is now a real issue for every country. there are some benefits to being small. you actually can have a trusted group of people so i know we have checked tarek brookings with some governments that have been the victims of cyberattacks and they have set up a voluntaro react to the crisis and that works but never works in a large country the size of u.s. or china. this is what i call cybersecurity ghettos where as more and more countries develop basic defenses you are going to those who are seeking to exploit insecure infrastructures move to a smaller and smaller set of countries but then have a much higher are to make himself more
secure. and so the downside if i don't have to outrun air, just after or in you is you have a number of people who are just slower and my worry will be the source of attacks. this has been identified as an issue. in fact the republic of korea has said cybersecurity capacity building should be a priority for the world bank and they are trying to figure out how they can go about build that and a national corporation to raise everyone up above the level. >> one of the other things and you touched on is it is this is a space where you have so many different types of players and this question in response, we fell into that old political science flawed just talking about states and yet this is a domain where everything from state's large and small to nonstate actors that range from
targeted google to anonymous to uni all matter. we all play, we all have power. different levels of our but we all matter in the soap we are talking about problems and solutions we have to move out of that classic framework. that leads to one, back to a policy side read we can draw lessons from other actors out there so as an example there was an active debate within the u.s. military right now about what is the role of the national guard and reserves when it comes to cyberand we are purging it in a very classic national guard reserves model versus i think a stony model that might be more to it. similarly if we are talking about the makeup of the internet itself is fundamentally shifting due to the location of the threats to the panic that we used to illustrate how the internet is changing is that if you look at google tracking,
cute cat videos are now starting to lose out to cute panda and cute videos. it's a fun way of showing that the power of chinese users of the internet and african users of the internet are growing but also their cybersecurity threats and concerns are rolling with the number of videos that are out there. steve wright appear in front. >> arthur silber, unaffiliated but i do have an atm card. how hard or easy is it to but obscure or indeed to forge the origin of a cyberattack blacks. >> from whom? it depends on who you are trying to fool. if you are trying to fool your
basic system fairly basic rate if you're trying to fool an and national intelligence organization you not only have two use technical obfuscation, you also have to have the perfect operational security. so you have to remember that among the defenses that countries have is not just let me look at this package and try to use technical forensics. it is, let me see what my intelligence service as they have been eavesdropping on satellite and telephone calls, what are they talking about. then you have to narrow down further to who wants to attack you without you knowing it was them which is also a much smaller set. so it depends on what kind of attack you are worried about what kind of resource. if you are trying to fool your local police department about who is sending all the money in a bank account to kazakhstan, pretty straightforward. if you're trying to fool the federal government into a false lag operation you need to do it a lot more carefully and it's
much much harder area and. >> made a joke at the start about your atm card but it's a great illustration of some of the earlier points. the first is your atm card, it's a rare approach to security. it's something you have that but then i also asked you for something that you know, your password and that points to two things. first of points to why does the bank have that structure as opposed to you know the way we approached security and other sectors and goes back to what allan was saying the differences in incentives and the different kinds of industries where tanks because they understand the price and oh by the way there's a legal framework that drives that kind of price for them, they have put in those security requirements that you think are quite simple and easy versus a power company that doesn't have these kinds of approaches and still does use the 1234 password
approach or the 80% of small power companies that aren't under any kind of cybersecurity regulation right now. and so to me it points to this value of the incentives but also how personally we should all be thinking about our own security. you have double defect or for your atm. do you have for your gmail wax if you don't, you should. >> we have about 10 minutes left on this panel and then we are going to roll writing for next panel with some of the top reporters in d.c. and new york. let's do two more quick questions and we will turn to the next panel. >> hi. i am from the dutch embassy and i like very much that we have the calmer station about the human factor because the impacts impacts -- intact space domain. i'll also talk about the last 6%
where a role for the government could exist. so i want to give you three examples and ask your opinion about it. the first ones are the black markets of the internet. actually one of the main drivers or one of the main successes of stuxnet was the use of zero day day -- and another example is the industry-leading processes and ship any fracturing. cryptography does not lie only in software and breaking the cryptography on a hardware level can have an origin in our industry and hence our government has a role in that. our last example is about the isp. i have seen a professor doing
huge research on the role of isp in combating -- and these are responsible for a spyware version that arrives on her blackberries in the ge 20 so what do you think of these three examples with respect to the government? >> i will try to jump on them rapidly given the time. on the first one, the black market is a very good illustration of the lessons to be learned from contemporary security policy as well as history not just within the cyberdomain. if we are thinking about current counterterrorism policy, playing whack-a-mole is a loser's game versus going after the underlying structures. so same thing in the book and noah has written about this, understanding the parallels to piracy and privateers back in
the 1600's and 1800's. it's very high-risk individual criminal actors versus privateers they give you a little bit of liability. it's like the example between classic cybercrime versus more stately efforts but in neither case does on the naval side by going after the markets, going after the structures, that is how you dealt with it rather than trying to chase each and every individual. this leads to the isp leshin. it's perfect. it's an analyst ration of how by going after the structures that everybody agrees or bad in these black market it making give you a space for international cooperation where you don't think it's possible. as an example the u.s. navy and the british navy throughout the 1800's trained to fight each other because guess what, they had fought but they also cooperated. much like the u.s. and china in
space where there's a lot of issue for conflict and it's a real thing happening. there are ways we can work together and things that the chinese government calls double crimes. we americans have issue so isps one study showed that 20 out of the top 50 cybercrimes stealing isps are american. the chip question absolutely this is a hardware vulnerability that could be a koontar systems and i would point to a military example. it was just revealed that the f-35 program allowed certain chips made in china to be dropped in a wave around them. >> these examples very quickly really capture how you need to understand you cannot address this issue without understanding
the technical the economic and the political side. for example on the isp side different countries have looked into the options of should the isp tell me whether my computer is part of an international.net that might be attacking the dash and the challenge there is on the technical side. we actually don't know very much about what the likelihood of detection is and what is the possibility of reinfection? on the black market side i think this is a great land we are starting some work on that in the gw where the locus is the understanding what technical questions shape the effect of the market. for example if i discover of vulnerabilities in the software and what is the likelihood that you as an adversary rediscover that vulnerability? because if we are both going to find it we are going to have
different equilibrium in the market and look for policy solutions benefit chances of rediscover year zero. we need to understand the technical details how code is secure over time as well as the market side and that will lead us to understand the government side. >> we will talk her one last minute before we go on to the next panel. >> hi. i am an attorney in town also. my question is about resources and i'm thinking of the post-9/11 era when you talk about major tax there was talk about hardening of soft targets and what do we do about shopping malls and people blowing themselves up. that debate wand up with there isn't much we can do and we have been fortunate we haven't seen the many attacks that there could be. here it seems to me if this is a good analogy the problem is
there's a lot of -- to those soft targets. someone he wants my credit card can get it from target or they can also get it from a cupcake store amazon.com. i'm wondering do we have the resources to harden the soft targets that we need to and if we don't what does that mean? >> i will jump in on an example of the military implications and please weigh in. to me what is fascinating about this is how we approached security within dod which is hard and the dod, try to delink it from these threats has improved possible both the cassette threats coming in and massive amounts coming out to trying to incentivize one part of the defense economy, the major contractors to get much better have their security. they have seen these kinds of threats to their intellectual
property but then not facing the fact that there is this wider set of targets out there that are quite soft. the incentives are not right. the awareness is not there. you can have just as much implications so to give vanilla station in the first book i did was on private military contractors how our entire logistics system is dependent on these companies. so let's imagine you have a perfectly harden states u.s. military network but what happens when someone enters into the logistics company and changes the bar code numbers for the shipment of gasoline to toilet paper so you have got that unit out there that gets a delivery from the supply train and its toilet paper not gasoline or ammunition or if we are thinking about defense industry the big crimes have paid a lot of attention to getting themselves secure but the supply chain and
particularly the small companies are well protected and that is where we are going in. it circles back to what we are talking about before understanding we are all in this space and we need to raise the level of for science and awareness. >> great quickly on the private sector side i have been doing economics security for decades now it comes down to do things we are still trying to understand that working towards. one is how we think about return on investment. how can we create incentives by saying if you make yourself more secure it will be in your interest. we need a way to communicate that and think about the governments about the government's work is wellness second thing is just scale. ultimately defense comes down to making it cheaper to defend than to attack and that means we need to raise the cost to the attacker and lower the cost to the defender. that's a technical question but also in organizational and an economic question and fundamentally as peter said it's
a question of politics and governance. >> so that is all we have got time for with this panel. i want you to join me in an applause for peter and allan. [applause] they will be signing books at the end of our next panel outside here and also available at cybersecurity book.com. now i would like to ask the second group but panelists to come up to the podium and ask y'all to sit tight and we will roll right into our next panel. >> thank you all. >> thank you. >> so, peter asked me to put together this second panel of reporters so i just went ahead
and picked four of my favorite reporters who not only are great on this issue but you know, are just great in general. and so and fabulous people, great cooks. so starting right here to my immediate left sub vibe who is a reporter with "the wall street journal" and david sanger who is titleist chief washington -- of "the new york times" and tom gjelten up "national public radio" and in the awesome shoes we have from the u.k. as you can tell by those shoes, james ball from the guardian. let's just start with the nsa stuff since it is the big issue right now. can we talk a little bit about how the introduction of these
snowed in leaks has kind of changed the way we are doing business and how much harder or easier it is then to report on the nsa and the intelligence community as a result? siobhan you have been covering the nsa ford -- too long. >> too long. it has cut loath ways. i haven't been writing so much on the snowden documents themselves but i've been writing on sort of related nsa issues in the midst of all of this and i've actually found that as many people might feel a little bit less inclined to want to share information about it, there are at least as many that now feel, i don't know if it's emboldened or if they just feel that this is an issue that is going to get more attention now so it's worth their while to share what they
know with reporters whether it's by way of context or additional information and details. i think how bubbly on balance it has led to you know a greater amount of information that reporters are learning even beyond the scope of documents. in addition to that obviously the government is behaving somewhat differently from the way it did. i would say setting up a task force to deal the snowden lakes is an unprecedented thing for them to dilma can obviously argue they have an then as forthcoming as they should but certainly as you are looking at what the baseline is it's a lot more -- and i have found it fascinating that the government has released these huge document docs in waves and especially in the beginning but even some of the recent ones. we have seen a lot of highly relevant tori court opinions from the foreign intelligence
surveillance court that in a lot of ways are more condemning than anything the snowden put out. i don't think it cuts one way or the other. >> i would agree with that. i would add that i think there are three different elements of this to think about. the first is that even before the snowden leaks happened i think all of us would say reporting on these topics is not in easy thing in shinki in. i could recite for you all the statistics of the number of leak investigations underway by this administration including many people on this panel or based on stories that they wrote but even beyond that these topics have all been topics on which the obama administration i have found has been less willing to discuss than even the bush of administration and that's all -- we all recall the bush of
administration didn't when a reputation as a font of openness. that is the first rid the second is the immediate response to the snowden revelations i think was for many of the intelligence agencies to sort of hunker down and not answering the questions and then they discovered, fall but that was getting them probably into more difficulty than if they actually came out and explained some of these programs. and what has struck me about the documents that siobhan has mentioned that have come out in recent times it's reasonable to ask the question did all of these programs need to be classified to begin with? for example, i don't know the answer to this but all posted as a question. had the nsa revealed the bull collection of metadata programs would it have truly helped any terror group that was trying to evade it, or could they have won some democratic i into this
concept reticular in the years immediately after 9/11? and i think the third element from what we have learned from the documents themselves, many of them have been very rude relevant tori. some of them have been quite dated so you have to avoid the temptation of looking at it documented in assuming just because you are looking at now it represents what events are like today. so we are at a point with the documents were two things have gone on. first for general reading public it's become something of a blur. there've been so many documents out there they can't quite sort out what's new and what's not. and secondly we are at the point where we really have to supplement them with some form of other rep hoarding to be able to explain them. >> i have found this to be a really difficult story to cover
in many ways. first of all the complexity and this of course applies especially to our radio reporter who needs to tell people stories and not just write it out and give thee up to new teacher read the story three or four times. these are some really complicated issues that we are learning about. from that point of view, it's extremely difficult. i think that there are -- that there have been as many errors in reporting the story as i have seen in a while. and i think that's partly because of the difficulty of understanding what it is that we are learning and communicating. and then added to that, i don't recall and i've been covering national security for a number of years and i'm curious about how the rest of you feel about this, i don't recall a story where there has been as much
polarization as there has in the story. peter baker, david's colleague at the time smack had a piece in the weekend where he quoted peter squier saying that he had a friend that silicon valley saying that 90% of the people in his tech company were convinced that edward snowden was a whistleblower and every single person you talked to in the national security establishment felt that edward snowden was a traitor. i think we have seen this deep polarization throughout the way that we have reacted to these disclosures. it's not that we should as journalist shot away from stories where there is a polarization of opinion but in this case, because we as news organizations and the guardian and the post as well have been players actually in the story and there have been, you know there has been a lot of -- it's
been a situation where is the news organization you have to decide what kind of posture you want to take an approaching these disclosures. for all of those reasons, i mean none of these as i say are issues that we should not, that we should be afraid of dealing with but it is a really complicated story. >> i think it's quite easy to understand if you are one of the outlets with access to the documents and obviously the guardian has access to a substantial number of them. we have been doing primary reporting. i think initially there was this impression that edward snowden was turning over to all three at the time and actually his approach was to trust reporters antitrust outlets as opposed to the guardian and various other places. to actually find out for himself
and decide himself what is of interest. that is the extraordinary challenge. here's this one document and its brilliant and they were obviously once that one out in the first week or two, the verizon document. now it seems like an and extraordinarily simple story compared to the ones that touched on cybersecurity that we talked about while you are trying to build up this impression. you start to see very clear signs that there were deliberate efforts sorted not to improve security but to keep it weak or because of these issues in the systems and the nsa having enough confidence that they could finally take it manage a vulnerabilities better than other people so they would keep those vulnerabilities there. that started to see a few documents and touched on dozens more in dozens more and what happens is you have diplomatic
correspondent tour good to the diplomatic relations aspect. you have reporters with the technical background. you are trying to separate separate technical acronyms. you are not looking at a guide. it's not a tutorial so you will have a sentence which means absolutely nothing to any sane human being but it's perfectly comprehensible to a reporter of national security. so you have it in terms of that. especially on cybersecurity and all sorts of intelligence issues there is than the sort of decade or more where there's just been the concept of we need more security, we need more spending, we need more powers and what snowden did was get this democratic accountability
together for a public debate. americanamerican s sees it quite well for britain not so much. as you may have noticed we have a few issues over there. i think that is fairly commendable. i think this debate can be quite constructive and alarming even if you are not someone who believes snowden is a whistleblower as i do, there was a very strange moment in the u.k.'s intelligence community to assess the chances of anything like snowden happened to the u.k. intelligence services. he dismissed it as not a risk as if it couldn't happen. of course at already had. there are lots of documents and the fact that he seemed to consider this a -- should terrify you. i mean, he just evidently didn't
understand the question let alone the risk. and so i think whatever your stance, whatever you think should be done in these areas, it's clear you know there are a lot of russians still to ask you >> it seems like a hallmark of cybersecurity reporting over the years has been the desire by government agencies and outside contractors to always heighten the risk. the sky is always about to fall. it's amazing how every minute of every day the sky is about to fall. do these documents change that at all? you talked about all of a sudden a high-ranking intelligence official kind of lowballing risks. so have we finally seen the end of fear uncertainty and doubt
orders -- how is the stuff changes at all? >> do you mean in terms of cyberitself? >> yeah and also in the risks associated, the risks yeah with these leaks. >> seems the insider threat is higher than estimated and the outside threat may be lower than estimated. also making these estimates is maybe not the wisest thing one can do. the concern and this is really affected by the sudden documents the concern i would care from government or security types is not so much that it was high-risk but that so many of these cyberattacks could the high consequence. .. a
semester at best asymmetric challenge. -- this is an asymmetric challenge. you only one example to show it is a big deal. the security experts i would talk to, who point to , is not so threats organizationse with the greatest capability like china and russia will do it, but more that there is a black market out there and are -- there is an only -- there is only a matter of time before things get out of hand and you have a reasonable risk of getting into the hands of someone who wants to do something bad. insider threat poses higher risk. >> the only point >> anybody else want to tackle that? >> we now know one of the
reasons the u.s. government is so concerned is of a structure to attack united states these documents gore went from when they came out is that it is not that difficult to do things elsewhere. son that underscores their understanding of the risk to the u.s.. the snowden disclosure. the story last week of the a reading the bottom line analysis of the revenue projections and stock price projections for this company, i think that was important to me because ito account has been a really important source of information to us about the threat out there. when you read about how much making,ey are
convincing companies and organizations they are under threat and then proposing ways for them to mitigate that , asat, it makes us reporters, want to think twice thet the issue about hyping threat. there are some really big financial stakes involved in this debate. coreat touches on the issue. as reporters in this particular sphere, almost all of the incentives are which -- with people to hype up the threat. no one wants to say this is low risk and quite safe. you do not know what will happen in the next 12 months. also, you are trying to defend a large budget and budgets often which do not have the same degree of accountability as other areas. you want to stress the dangers. there is a huge industry
struggling with defense budgets not going up like they used to and security budgets not going up like they used to. ciber is a nice little area which still has potential. if you read the report of big wheree companies, this is they are hoping to keep growth or stall shrinking. so, look at the lobbying money spent in this town on cyber in the last five years. it has gone up spectacularly. off.are talking off -- far- the rate of growth is huge. not much money in saying -- hang on and let's calm down for a bit. there is not money in that. few people will push on the cipro -- civil liberties front. not many people are going, hang on, you know, we are looking to try to fix deficit. should we really be spending
this much money on cyber? how do we judge what a win is like? how much responsibility should the federal government be taking e should we leave it more to banks and try to speculate internationally e there is not a boring common sense floppy in the middle of this going, hang on, you know, maybe it is not that bad. my position is, maybe we have to be more skeptical in the cyber field. and that is oh is difficult for journalists. if you say, i have got a great story about terrible threats, you're much more likely than if you go, you should tell people to chill out. it does not yet on the front quite so often. inversion of the fear, uncertainty, and doubt, is that you have the nsa and other operations saying, the core cryptographic algorithms are totally secure.
we did not really undermine them, do not worry. the documents do not say what they mean. in a way that usually, these are the guys saying the sky is about to fall, and now they are saying it is totally fine. i found that interesting. i will ask one semi-related question and then i want to open it up to the audience. this is like, are these documents, are they actually just a shiny object we are chasing and being distracted from real, bigger issues in this space, or, is the big issue , how vast its spying network is? >> to me, i feel like there has a story that has gotten less attention. i referenced it earlier when i talked about the documents released by the director of national intelligence that i actually think there is quite a lot of questions to be asked about the nsa's overall
competency. they seem to mismanage all of the programs. storyis a weird hubble that it is omnipotent, but also incompetent. i do not know what makes a civil libertarian feel better. i think it is more of a nuanced story than that they are taking everything. they are not exactly doing that. what we have seen is when they were attempting to do the phone call records, they claimed to have all of these records and they did not understand their own program well enough to enforce the rules they promised the court they would. we saw that with the internet metadata collection. internetapping the backbone. all of a sudden, they are scooping up domestic communications. to me, it has raised a lot of of considering that so many of these programs
perpetuated themselves for a decade, as these technologies coloringow much more outside the lines does the nsa find itself doing just by accident and the fact it does not necessarily understand the implications of changes in ofhnology, and what sort bearing does that have on all of the other programs we do not know about? >> i am struck by two elements of this, to go to the question of how effective the programs are. if you look at one of the programs they abandoned in 2011, which was the e-mail metadata program, they were looking at roughly one percent of all of the e-mails in the united states, a lot of e-mails. ultimately, they dropped the program in part because of critiques set up internally but in part because they were not getting much out of it. then you go to the presidential advisory committee report that came out a week before christmas, and they were a lot what theinced about
metadata program had actually yielded in the way of preventing terrorist attacks that you would get if you were just listening to the congressional testimony of the generals. if you consider them to be highly competent and highly good at what they do, and i think, for some of these programs, probably better than any other intelligence agency we have seen around the world, there is still a reasonable question, is the amount of time, effort, money, and, in this case, diplomatic and business cost of this, worth what you're getting out of it? >> i can say the amount of time chasing nsa surveillance stories over the been vastlyths has in excess of what i would've preferred to spend my time reporting on. does that mean it is a shiny
object that does not warrant the attention we're getting, i am not sure. i think what the review group said about the effectiveness of these programs is extremely important given that michael, the former deputy director of the cia, was on that. there is real reason to question some of the more extreme claims made by the generals in this regard. i do think however that these disclosures raised a couple of issues that are hugely important and really warrants all of the attention they have gotten. not just the trade-off between national security and civil liberties, a debate we have been having for many years. is the trade-off between the advantages of protecting the good guys versus going after bad guys.
we have seen the trade-off come out really clearly in these documents. undermined nsa has havesecurity and we learned a lot about the vulnerability market in the last few months and the way nsa has actually held onto vulnerabilities for work , versus helplessness of the homeland security, which you get completely in the dark all of time about what kinds capabilities the country has, it really does seem to correct something peter and alan mentioned earlier, all of the priority in this government has in on offense of cyber securities to the expense of cyber defense capabilities. it is a hugely important issue.
that has really been revealed as a result of some of these disclosures. >> maybe the most extraordinary competence issue, foreign policy, a brilliant tale from an anonymous cia official internally promoting the next data program and bring them in a vast, printed out network diagram talking about how you could use it to find keynotes keeping different suspects in contact. he punched out a couple of things where hundreds of people had been contacting this number and saying, look, we would like to identify these. goes -- weter he just decided back here to take a look at that number. it was a pizza parlor. [laughter] which a lot of people call. alexander, one of
the more technologically nerd- ish, because he knows what he is talking about, relatively speaking, intelligence officials, and his big case completely failed. it is just one of those concerning fragments you get. it makes you wonder the extent these large scale trolls we felt a struggle to see much evidence in terms of resolve to justify, how to -- distracted from other missions. obvious threat to subtlecurity, a more -- to do a worth combination of intelligence and security coming together and being run by the same agency and the same people. fitting in bits of
the backbone of the internet, you can see traffic sometimes. it can help you get an early warning on denial of service attacks. that kind of stuff. but if you are trying to persuade companies to let you in to help defend them, if you're trying to encourage foreign governments to cooperate with you on security and so on, while often -- also using cybersecurity as a front for intelligence operations, you are undermining trust in your companies, in your agencies, in all of the defensive steps you could take. that kind of overreach is not easily fixed. that is all about your relationships with the tech sector, allies, everyone. so, when will the u.k. government, german government, other people who should be working and cooperating, foreign banks, the world bank, the u.n.,
and that you, when will they take advice from the u.s. security intelligence agency on cybersecurity den? it will not happen soon. us all in a bit of a mess. where there are not even just the technical side, it is the political mess that has been made of combining intelligence and security. christ that is a really good point. people do not quite understand, the way the internet moves because of a series of handshake agreements, there is not a lot of formal documents and contracts that guarantee my traffic could make its way to japan or what have you. it is just a series of trust arrangements. if you undermined those, you undermine the core of the internet itself. >> which is why this may be the first scandal in modern history that has a eger is this affect
than diplomatic effect. >> right. i will open questions up to the audience. allen'sis is peter and book coming out party, i want to give them the privilege of asking the first question. >> thanks. hi. i am co-author of a new book, which you can find more about. what i love about the structure of it is the first panel tom a we tried to wrestle with what everyone needs to know. you have been exploring how we report and talk about it. thank all ofirst you for coming. i deeply appreciate it. i want to pull the thread further. how do you see news organizations? you are from different types, newspaper and radio and etc.. how do you see them organizing reporting onpic of cybersecurity questions in the future? do you see that evolving? second, the training for
journalists themselves. the technicalut side of reporting on these stories. one of the interesting things to me is that news alice -- news outlets have been among the most notable targets of cyber security threats, from state organizations, certain large power that shall not be named, to recently syrian electronic army, not an army, but has been having a lot of fun with different news outlets from noteworthy ones to the onion. how do you see the training for journalism evolving on this as well as the organization? >> i tend to find especially with reddish journalists, journalists do not like computers and math. to involve both. it is a bit of a team effort.
journalists have to start taking it seriously. we have talked about source protection since the dawn of everything. tedious amongst the profession that you would go to prison rather than reveal a source and so on. now, you could very easily reveal a source just because you are rubbish at computers or your .mail password is 123456 we have to get better at that and take it seriously. is a consensus. part of what else we have to do, start making encryption technology, secure technology, and source protection technology usable by regular humans. a lot of these systems are very competent it, even if you think, personally, that they are important. fine, however brilliant someone is at computer security, if you look at what its wrong, with most things,
is not often that someone did not have the right system. at three clock in the morning, when you have been hours, the servers are met to hold are not working, you give up and send it e-mail, or you cannot face the barrier, every time you have to get in touch with someone doing what you have to do, the technology has to get easier and has to start to be made with regular, normal, fallible human beings in mind. we also have to learn to prioritize. if you get on my twitter account, you will embarrass me. but you will not do much more. if you get my e-mail account, you might find a couple of low level gossip. you will not completely screw me if you get in either.
i have got all of the things you should do. but i do not lose sleep about the idea of people getting in there. we learn what to protect and what not to. it is all about team approaches. if you have a cybersecurity reporter, i can see why in the last few years, to get people to understand broader things and get them to work together. to understand politics. journalists are much better when we work in teams. today we willrned factor in our own system, which i would say is a direct result of the lessons we learned over the last two months. recently, almost all of my collaboration as a reporter was with the foreign and washington desk. since i have been covering the story with the technology
reporters, i have become dependent on them to help me on,re stuff out and working we are working on a series now about the arms race, the digital arms race between the nsa and the tech companies. i am completely dependent when it comes time to talking about encryption security measures. i really take -- depend on technology people at npr to help me with this. case, itust in our own has really opened up a whole new area of collaboration. really not there before. the times hasight been the target of at least two different big groups. a chinese group came in and lived in our computer systems for several months back in 2012. we think searching for the
theces of stories about how prime minister of china passes family got so wealthy while he was prime minister. they did a remarkable job finding their way around a computer system that has stymied me for decades. [laughter] and then we have the electronic army, less sophisticated, come in and attack. one day last summer, they actually managed to close down part ofite for a good the day. the paper came up with an innovative response to take all the stories we wrote that they and printed them on paper and then drove around different parts of the country and drop them. remarkable technological approach. that was gutenberg's best day. itself, we the paper are pretty accustomed to having collaboration that move the
tween the technology and foreign policy. and domestic policy side. i worked for years with no in our science department and we proliferationr stories together and worked for years with john, one of our best silicon valley reporters, and we did much of the early games reporting that way. but it is always a challenge internally because you have to cross your craddick barriers within a news organization. more newsre and organizations have discovered the necessity of that. it is no longer really a choice. if you tried to do an analogy to a previous era, it would not have made sense in the 1940's and 1950's to just have a summary and reporter or just
have a reporter covering nuclear weapons when they were coming out. ultimately, while you wrote a lot about those, that had to get integrated into a broader national strategy. the argument all of us have been making, i suspect, is that this reporting more than anything needs to be put into a broader national strategy. snowden has helped with that. you made the point in britain, it has helped -- been hard to get in much of the debate. i thought after many of the revelations about the u.s. the beldingn in stood cyber weapons, there would be a kind of debate in the u.s. about cyber weapons that there was about drones. but that has taken longer to generate. these things are hard to predict. the journalof how handles cybersecurity, i becaused that evolution
i came to the journal in 2007 and had been covering nsa quite a bit when i was at the baltimore sun. i had just done a larger story on this effort we later learned was the comprehensive national cyber security initiative. i spent a year trying to get our editors to care at all saying, who is being hurt and doesn't involve people? - does it involve people? find me the company. this is 2008. in 2009, we were able to shake loose a few stories that got our editors attention. they work one over. we did too good of a job. covere sudden, and i intelligence. it is not the whole thing. i have an internal lobbying campaign thinking this is a cool set of stories to do. it is kind of interesting.
in 2009, i was supposed to do every hacking thing ever. over time, i think it started the banking and financial reporters, that they realized this was a story companies really cared about. little by little over the last few years, different reporters responsible for different sectors, energy and what have you, have taken their own interest in it and will work together when it is relevant or not. but the journal was a little late to the party in that it was only last year that we actually started a dedicated reporter, which is not necessarily just to make sure this person's prom, but almost to make sure they could traffic copy issues and this is someone who is in d.c. and is now based out in san francisco. corporate from the
side, recognizing this is at least as much a corporate story as a national security story. the way we break it down at this point, i handle some but not all the national security stuff. we all work with our colleagues. cybersecurity, the journal was also hacked. reporting that story was quite an interesting phenomenon, probably different from what david probably experienced. i heard from my editor, it is 10:00 at night, you do not need to do anything with it yet and this may be our own problem to report. i was waiting for someone to call me and explain it. nothing. the next morning, i showed up in the office and said, ok, what are we doing. and they said you could report the story like any other hack. the journal was not quite so forthcoming. it took until 4:00 in the afternoon the next day to get
the intangible statement from our own company that admitted we had been hacked. they claim they need to wait until all of the new security procedures were put in place before they spoke about it. where the kind of thing even after that, we have to call communicationst people and give us the assurance nobody is moving around systems. what i learned from my experience reporting that particular story, my company was not necessarily going to tell me who had been hacked. bureaurs in our beijing only heard on the down low that they had been hacked. obviously, it can happen to us. we take precautions but operate under the assumption it could certainly happen to you. >> that is an amazing story.
asm an editor point of view, other technical issues have become more important to general reporting, there has been a training of reporters and reporters that maybe came up in clinical, that were ok with the he said she said, and there were no real right answers, it is rightactually, there are and wrong answers when it comes to technology. there are things that technology cannot do. i think of one reporter in particular it took a year and a half for me to eat that out of him. it was a process. now he knows. we are all better for it. >> spoken like a true editor. >> management well. [laughter] >> all of his successes are of course trip -- attributable to meet. let's start in the back there. >> retired ceo of publishing and
physics. bit about thetle controversy, the trade-off between intelligence and civil liberties. there is also another one that has not been mentioned as much. that is trade-off for intelligence and democracy. there is such a in as a black budget. not many of us know how big it is. decisions, and what is democracy is a large fraction of our national budget is made without public debate and public knowledge? does in that issue come to the fore with all of the funding for the nsa and what they are doing, and congress has decided? who has decided whether to fund this? what happened to the appropriations process? >> that is a good question. >> i will take a first shot.
even before snowden happened, there was the beginning of some revelations about the size of the intelligence budget. the snowden regulations themselves included a lot more it turnedbers during out a lot of the budget numbers were wrong. that actually tells you something about why you have got to be careful about some of these documents. there was one budget document we looked at that i think the post extensively.bout it indicated 231 offenses cyber attacks in 2011, was that it? appropriation it came from. >> right. it turned out later on the document had been put together by a budget here who did not know much about what a cyber attack is like. most of those were not what people on this stage
the vast majority is kept secret. the thing that struck me when was what is going on with the reflexive secrecy. this is the bulk of what the administration is doing and a lot of it is fairly innocuous. the same is with these intelligence budgets. , whichd the black budget was a budget appropriation and a fairly significant chunk of it was released. if you read that, it is very top line. quite broad. of stuff in that that could be made public. it is not particularly useful information. it might also make you think, should we be spending $500 million on this ticket listing? if nothing else, the democratic
issue, are we not also possibly wasting a lot of money that we could do something better with? when you have that degree of secrecy, you do get massive democratic issues that touch into a lot. you are right. >> let's go here in the second row. >> thank you. an any of you envision scenario in which the united states government gets custody of snowden on american soil? that could be an embassy in another country. >> anything is possible. not -- i do not know a lot about snowden since i do not know we know a lot of the ministrations calculations except for the fact they have .ot been amenable to the notion one interesting thing we will see in the coming years, is
whether or not that issue gains political momentum and becomes a of publicct discourse, or whether that has played itself out. i think that is where he ends up. of -- as a legal decision as apolitical one. >> the president decides it is no longer in his interest to have snowden as a guest of the state, you could imagine him being placed on their plane someplace and landing somewhere he does not want to land there it >> he has only got permission to be there for one year. it is not necessarily an issue that will be up to snowden and his lawyers. wonder whether the likelihood of people fleeing the country when they make these kinds of things rather than doing -- dan ellsberg and all that. you wonder if perhaps the pretrial treatment of money has made it more difficult --
difficult to convince people to and truste country that the justice system will give them a hearing to decide if they are a whistleblower or a traitor. that a really quite long sentence, given that everyone acknowledges there are no proven harm coming to anyone as a result. whether it makes it likely in the future whether the justice system will be able to make these decisions and maybe that was a mistake. >> over here. >> thank you. you have talked a lot about the nsa. getting to your point about the intelligencetween i heard only about
10 minutes. i was driving. but richard clarke described the fact that what they are doing with the nsa review panel was, number one, we had been asked to take a look at what intelligence we actually need. second, we had been asked to look at how transparent we can be in getting the intelligence in a way that matches our democratic values in a democratic society. i did not hear much more. i really wonder given all we have talked about here, with the nsa review panel, are we on the right track? or will this deviate? i would have found out if i heard the rest of the show. i look forward to hearing your views. panel, it that review is fascinating. one of the things we talk about. somebody called in and said the report was very good. , youersed -- i responded
appreciate one written in clear language. an easy to understand. that was a really important report. and mike andclark the others, i think they really nuanced an effort to be about this and to be sympathetic to all of the concerns raised, but also to a national security establishment from which they themselves come. was a veryt interesting report that really set the stage quite properly for precisely the kind of legislative and executive branch action that is probably forthcoming now. of the most interesting things about the report is that the group was and so much in the beginning as being a hand-picked panel by the administration and everyone looked at them membership percent these are allies of the administration. i remember hearing rumblings in
october or so that these guys were taking a broad look at an essay structure and i am thinking, is that really their mandate? the start to hear a little rumbling along the way suggesting they might actually make recommendations that would get noticed. i do not know whether or not that played a role, but it seems like they took it quite seriously. thenderstanding was individual and members of the panel were spending multiple days of the week of their own time on the panel during that time. it seems to produce something debatell really drive a and a policy discussion. >> one of the things said this morning is that we are in a time of peace right now. really an important opportunity for us to think about what we do not want to happen in this future, the schema kind of fiasco we have seen with the nsa. it is the time to come up with
roadblocks to make sure we do not have these kinds of abuses in the future. i think the word, abuses, is a central one here. the group was not really asked to come up with the answer to the question of what is legal. in the past couple of weeks, we have seen court decisions on all sides of this. eventually, you suspect somebody will end up in the hands of the supreme court. instead, the question that president asked them to answer was, do we have programs here we are doing just because we can, instead of because we really need them, because we should do them. that is a very different question. then you get into a cost-benefit if the amounth is of intelligence you are gleaning itm this useful and worth given the diplomatic cost to
confidence in american companies, whether it is apple or google or server manufacturers. thirdly, is it useful to us diplomatically? it has done this kind of damage to our relationships with germany and mexico and brazil, and who knows who else is on the list, with things that may be disclosed in the future, you have to then ask yourself a question, is what you are learning about the internal workings of the mexican government or the brazilian government, or the journal -- german government, actually worth it for the cost of revelation. the most remarkable thing i learned in the course of this is that while the cia asked that question very often about covert programs, if it got revealed, would the damage done be worth it, in the case of the nsa, because they did not believe their programs would be
revealed, i do not think they asked the question very often. >> will -- we have time for one last question. >> speaking about wiki leaks, the counterpoint was zuckerberg, facebook, social media. is there a counterpoint? is there a technological trends that might say, the internet and cybersecurity has a positive future, and we do not have to vulnerabilities, state all the way down to the individual, is there a counterpoint to this discussion? a positive future for technology and the internet? >> twitter's ipo? [laughter] align a response. the governance issue is a big one for the next year. almost any development on it would be negative for internet freedom in areas where it is really important.
important -- unfortunate thing is the u.s. government has very good programs, but there is no trust for them now andfor them, and it will not be taken seriously outside. speaking american, as well, there is a perception that it is a serious international institution and it leads americans. the actual architecture of the and the attitude that the government and the intelligence itncies have taken to that, is now no longer given, u.s. dominance of the internet. something is going to have to give there. it may still be true, or if they
can work out how to go for multilateral, something that actually works and protects what is good about the internet. it could go quite a bad direction. theould be a shame if resulting exposure of the u.s. abusing its -- allowing other states to start abusing newfound powers of the internet. i think that is the opposite direction we want, but it isn't a given yet. a large degree of what happens next depends on the u.s. response. >> i think we are out of time. let's give a hand to our panelists. [applause] they will be signing books in the next room over here, and thanks, everybody, for coming.
are permitted to speak for up to ten minutes eesm the senator from rhode island. mr. reed: mr. president, i ask that dr. jeff fine and lawrence mehan, fell flow fell flows my e granted the privileges of the floor for the dur ravings this congress. the presiding officer: woiks. mr. reed: i stand to speak on the reed-heller bill which would extend unemployment insurance for three months. it is the right thing and the smart thing to do for ow commitment of unemployment insurance has been around since the 1930's. it has received historical support and i'm pleased that senator heller has joined me, so this is a bipartisan bill also. and it's something that we have
to deal with today. it is a huge crisis. aces i said, 1.3 million americans have lost their benefits as of december 28, but we can expect through this next year approximately 3 million more to exhaust their state benefits, typically 26 weeks, and not have this federal long-term benefit available to thevmenvery many. this has awless received federal support on a long term basis. it is something that impacts this entire country. it impacts people who work. you cannot get this program unless you have a job and through no fault of your own you've lost that job. and in this economy people who lose jobs are competing with many, many others from for very few jobs. 1.3 million americans were pushed off an economic cliff just nine days ago. this vital lifeline was helping
them cope. they were not left -- let go from their jobs because of something they did. it was because of no fault of of their own. and they're searching for work in an economy that has nearly three job seekers for ever one job oasmg i will us will traive of this a front-page story in "the washington post." in maryland they are opening up a new dairy operation. and what this story speaks to is something that is happening across this country in so many places. when the good humor ice cream plant closed here two summers ago, more than 400 jobs and a stable punch-the-clock way of life melted away. i would add parenthetically that in connecticut, in rhode island, across this country, west coast,
east coast, north and south, we have seen this happen, manufacturing plants close, move overseas, shut down entirely *67.in plant sat vacant until a co-op of dairy farmers purchased it to process milk and ice cream though on a smaller level than unilever churned out every day. randy spaictded the plant's plas revival to trirk plenty of interest in its three dozen or so initial jobs. 36 jobs. what he did not expect, 1,600 applicants and counting. that's what this economy is about. skilled people losing jobs through plant closures. their whole way of liervetion many of them working for decades, suddenly seeing a
possibly. but it is not one job for one applicant. it is 1,600 applicants for about 36 jobs. they're trying. they're trying awfully hard. but unless we pass this legislation this evening and beginning the process, we're not trying. now, on the economic side of the ledger, moving away from the human dynamic, the nonpartisan congressional budget office estimates that failure to renew unemployment insurance will cost the economy 200,000 jobs and sap .2% of economic growth by the end of the year. why? because these payments go to people who are really desperate. they need this extra cash. and it is about $300 week, maybe $350 a week. they need it to pay rent, to buy groceries, to keep the boiler
running in subzero temperatures, to keep their families together, as they look for work, and, by the way, in order to collect, you have to keep looking for work. so this is not just a program that's fair to people who've worked hard. it is smart for ow our economy. this is one of the best fiscal tools we have available to ensure that we are creating demand, creating additional jobs, and as i indicate add, if we do not pass this, if these benefits lapse and go away, 200,000 jobs will be lost, at a time when u.a.e i swear every mr of this body would say one of the most important jobs is to create more jobs in america. we can do that but we have to start today on this procedural vietnam. -- on this procedural vote. our bill is designed to help families who have weathered through the toughest part of the
great recession, 2009, 2010, 2011 because they were laid off about a year asmg the maximum of unemployment benefits is 73 weeks now, plus state benefits is 26. that's about 9 the. that's about 99. that's roughly two years. they got through the hardest part of this recession which suggests to me that these are good workers, these are people that were strug ring and working when unemployment was much higher and now they need help. i believe we have to keep them that help. now, we should be working together to create an expanded economy so the jobs are there, so that when there's a new plant opening, it's not just 36 jobs and 1,600 applicants; it's a lot more jobs. in fact, you'd to see it the other way. you'd like to see 1,600 jobs and
1,600, 1,800 applicants. we have to do that. i've heard from my scheetion who said they can't do this because they need an offset. well, this is traditionally been emergency spending. it is emergency spending up until december 28 because we extended it last year on an emergency basis. probably creating on the order of 200,000 jobs, just as we'll lose 200,000 jobs if we don't extend it, helping our economy overawvment -- overall. and we have to do this. we've tailored this, senator heller and i, so it is just three months, so it provides the immediate assistance to unemployed workers, it is retroactive so we'll pick up those people who lost their benefits on december 28. but it also gives the senate the appropriate committees and the house the ability to think through this program in an orderly way, to make changes if necessary to look for
appropriate offsets if it is deemed that those offsets are necessary. but it will work in these three months to ensure that people have something to help them get by with while we do our job. now by my count, colleagues that voted to move forward on these nonoffset emergency benefits more than ten times since 2008. ten times we have taken this unemployment insurance program and we've passed it on an emergency basis without offsets. so this is not a new, novel approach. in fact, what is somewhat new is actually providing offsets for this emergency spending. now i would hesitate to say that i would venture -- or i wouldn't hesitate to say that i would venture if we brought up a bill here that had huge tax cuts, particularly for the wealthiest
corporations and individuals, there would be very little discussion on the other side of the offset. but when we're talking of a program that helps working people, we have to have offsets? traditionally we haven't done it. but we can have that conversation. but in order to have it appropriately and help these people, we've got to move this legislation forward. give us the time to work constructively, collaboratively, thoughtfully on the program and also on possible offsets. we shouldn't be filibustering this measure. we should be passing it and then working collegially, cooperatively to improve the program if we can, and if we deem it appropriate, to pay for the program. i've heard some of my colleagues say we need offsets. very vague about what type of offsets. some suggestions about medicare, social security or discretionary
spending. but i don't think americans, our constituents, would want to see those types of cuts. i think they're relieved that through the good work of senator murray and congressman ryan we have a budget for two years and we're doing appropriations bills and we're beginning to provide certainty and we're beginning to provide support for the economy. i do sense, though, that my constituents know that there are many people out there that are struggling to find a job, that want to work and need a little help just to get by. and that's what we would be doing if we pass these measures this afternoon. or began the process of passing them this afternoon. again, i think if we're going to seriously talk about offsets or programmatic changes or responding to different dynamics in the economy, it's not done here on the floor on dueling
amendments or dueling proposals. it's done through regular order, in the committee, in the deliberation. i came here and offered a one-year extension that was not offset, and my republican colleague objected and i completely understand the privilege of doing that and the right to do that. and one they argued was it should go through committee. well, this three-month bill does both. it helps people immediately and it gives us the time to do our job. a few weeks ago i also came to the floor to address an argument that had been percolating throughout this discussion that somehow this whole unemployment insurance program is just being abused, that beneficiaries would rather collect than work. well, the reality is that $300 a week, $350 a week is not something i think people would give up a good job or allow themselves to be displaced from
their job just to collect the benefit. i disagree with this argument. i believe the americans really want to work and they want to get back to work as quickly as they can. they want to do the work they have been trained for. they want to do the work that some of them spent decades investing not just their time but their whole self in this work. one of the interesting things about work is it not only a form of economic remuneration. it is a way we define o*us. you go and within a few minutes of meeting any stranger i bet one question pops up, what do you do for a living? it is often difficult today for millions of americans to say i'm just looking desperately for a job, but millions are. i discussed earlier there is academic research out there that has been bandied about as suggesting no, this is a ruse and abuse. but the research actually
supports the notion that individuals would rather work than collect unemployment insurance. unemployment insurance benefits, as i've indicated, are a fraction of what an individual would earn in a job he had previously. and these are benefits that keep people whole while they're searching for work. there was a very eloquent editorial by charles blow in "the new york times" that addressed some of these issues, and i think his words are very thoughtful because it, i think, strikes the right tone. he wrote "whereas i'm sure some people would view any form of help i'm convinced this is the exclusive domain of the poor and put upon. businesses regularly take advantage of subsidiaries and tax loopholes whout blink an eye. but somehow when poor people or those who unexpectedly fall on
hard times take advantage of benefits for which they are eligible it is an indictment of the morality and character of the poor as a whole. i don't think that's the case. i agree with him. these are people who want to work but they need some help. and we have given them help in the past, and we should continue to do this. this program has been a critical, crucial safety net for families, helping them avoid poverty, helping them get back on their feet, helping them get back into the workforce. and it's been with us since the great depression. and it affects a whole spectrum of individuals. indeed, if you look at 2012 data, about 40% of the households that receive these benefits had income prior to job loss between $30,000 and $75,000. these are middle-income americans who would much rather be working and making close to
what they made before they were laid off and collecting $300. so these benefits are not the exclusive province of the very poor. in fact, more and more they are middle-class, middle-age people who never thought they would be on unemployment insurance. they need this. they are supporting elderly parents. they have children, they have mortgages. they had a professional career, accountants, paralegals, bookkeepers, and they're not looking desperately for work. or they're people that used to work in dairy processing plants, 1,600 of them. or people who used to work in vice president for sales who are so desperate that i assume some of meese resumes if -- some of these resumes if we looked at would be qualified to do many
things other than working at a plant but they're looking because they desperately need work. we look at this program. it is the people who need work. we're not doing them a favor by letting them have this benefit. i disagree. we have to, i think, pass this measure. we have to do it because it' the right thing for these families. it's the right thing for our constituents. and it's the right thing for the economy. i think it would be foolish, frankly, to take a program that we are confident can create 200,000 jobs, can increase g.d.p. by .2%, that is one of the best forms of physical policy to stimulate demand and economic growth and say we're not going to do it. i think we say we have to do it. there's another aspect to this too. particularly appropriate to the
issue of the long-term unemployment. we're seeing a remarkable number of long-term unemployed individuals in this recession. typically these benefits would never end if long-term unemployment was 1.3%. again, this program is a program that takes care of the long-term unemployed. the standard program the states run at 26 weeks, if you have a brief episode of unemployment, you lose a job and five weeks later you get a job, you're in that first tranche of state benefits. these individuals are those who have been, at least have been without work for 26 weeks. we have seen that number of long term employed double from the previous recessions from 1.3% unemployed to 2.6%. this program is more important now than any previous downturn we've had based upon looking at these numbers. again, another reason why we have to extend these benefits.
so i urge my colleagues to support this procedural vote so that the full senate can consider the measure and move towards passage. we need to move swiftly to pass this bipartisan bill and provide some certainty, some stability, some support for families that are struggling in a very difficult market. the answer i would suggest to those who are considering voting against cloture this evening is, fine, you can come down and tell the clerk "no". what are you going to tell the 1,600 people in hagerstown, maryland, and across this country who are desperately looking fork -- looking for work and need some support? and need some support?
to does challenges facing korean's economy in the 2014 and korea's growing influence in the global economy. korea's story is one of the economic success. korea merged from poverty after the korean war to become one of the world most vibrant economies, in fact, within the span of 60 years. korea has moved from state defendant of foreign aid to becoming the 12th largest economy in the world and a member of the exclusive club of
developed nations. in fact, the highly respected financial affairs journal recently picked south korea as well as the sixth hot markets to watch. according to the editor of foreign affairs, south korea has profited from smart leadership and approximate sim toy bigger players making their manufacturing-driive economies especially appealing for investors. does this mean everything is per nect in korea? no. economic and political events in other part of the world can negatively effect korea's growth. the ending of quantitative easing, economic policy of the new japanese government under prime minister, the volatility of the northern korea's regime and trade protectionism around the qorld chip away at economic growth in south korea. it's not all. korea faces domestic changes as well from demographic changes to
a skill skip in the work force, which according to the world bank required korea to recruit nearly one-half million immigrants to fill open positions in the 84,000 small firms over the past decade. our purpose here today is to hear from korea's preimminent scholar in the field of international economics, and the role korea places in the global economy. he's qualified to talk about the matters. working through two different periods in korea's economic history including the asia financial crisis of 1997, and the global financial crisis in 2008. doctor lee was recently appointed as new president of the korea institute for international economics, international economic policy, which is south korea's leading
institute concerning global economic issues. and also, as ambassador for international cooperation and g20 here is pa for the republic of korea. you're pretty busy. dr. lee we look forward to your remarks. he's going to speak for 15 or 20 minute. and we'll open it for questions. if you see waiving it's time for questions. at 3:50, we have another korean guest, mr. samuel samuel minje cho. is he here? did he come yet? okay. and he will make a few brief remarks on korea's role on in the global economy. dr. lee, the floor is yours. >> let me get my watch out to keep the time.
can i have the presentation on the screen? thanks. >> okay. what i plan to do is spend five minutes discussing about the global economy. next five minutes how the g20 views the concentration, and the next following five minutes on the current economy. so i'll sort of spend five minutes each on the three topics. they are all intire related. the first five minutes, i'll speak as the president of kiep. that's -- the following five minutes of the sherpa. that's what we're disuthing at 20 level. and the last as an economist -- independent exist -- economist. let me start. let me start with the economist. it --
by essentially talking about the global economy first. according to our outlook, kiep is the only government-owned think tank in korea responsible for international economy as well as analyzing the potential impact on korea and we have our own protection of the global economy that we work closely with cimf. it's related to me being former -- actually happened before. i actually joined kiep. as we can see here, next year economic -- global economy will be socially charting along no surprise is expected. there's a big question to be asked whether the flow recovery essentially represents a growth or -- existence of large output gap or weather the growth is low.
the questions are still up there. nobody knows for sure what the answer is. next year most leekly will be growing strong per. they face their own problems. i don't think they have been able decouple themselves. depending on what happens on the advanced economy the countries economic growth reveal factored. and large part also through how fast it will take place. whoops. so our economic outlook globally next year lead by advanced economists but there are secialtly five risks. i'm not going to go through it all in detail, but essentially the question i'm asking myself is, will the u.s. recover sustainable and obviously it will d